Bringing Your Business Online Securely
Published on 24 Apr 2020 | Updated on 24 Apr 2020
With the implementation of stricter safe distancing measures, many businesses are quickly turning to e-commerce to continue their operations and retain service offerings for their customers.
For businesses embarking on e-commerce for the first time, it may be a daunting task given the need to set up a website, list your business offerings online, making sure that there is a secure payment system for customers to make their payment, and also for your business to receive the money. You will also want to make sure that any data collected is properly secured and that your business can handle heavy customer traffic, as well as defend against any possible bad actors attempting to disrupt your business. Businesses can refer to our tips below to create a trusted environment for transactions and strengthen the back-end systems of your online business. We hope that with these tips, you can enhance the transactional experience for your customer and also protect your business from cyber criminals.
Creating a Trusted Environment for Transactions
It is important to create a trusted environment for customers to feel confident in their online transactions with the business.
Choosing a Content Management System (CMS)
A CMS is a platform that allows users to publish, edit, and modify content for a website. Such platforms allow owners to quickly update and maintain content on their websites without needing to know programming languages. This is useful in the current context, where businesses may have to update their business information on their website quickly.
Businesses should choose a CMS based on functionality and flexibility best suited for their needs. Open source CMS tend to be less expensive because the platforms are built and updated by a community of developers. Also, CMS backed by a large, active community is more likely to be able to detect and fix vulnerabilities in the system quickly. Businesses may also be able to find numerous customisation options and plugins with open source CMS to meet your needs. For businesses that may require more specialised or proprietary needs, consider picking a closed-source CMS that is specialised to the needs of your industry. Such closed-source CMS providers can provide software and dedicated services unique to the businesses. The provider will also maintain its own team to manage the security of the CMS solution.
Finding a Reputable Hosting Provider
Choose a reputable web hosting company to host your online business. Such hosting providers are more likely to stay updated with the latest cyber threats and keep your website protected. If your business requires frequent file access, transfer or management, look for hosting providers that offer Secure File Transfer Protocol (SFTP) to provide secure file transfer capability. SFTP helps to ensure a secure connection by encrypting the contents of a file that is being transferred, so that it cannot be viewed or accessed by anyone who attempts to eavesdrop on the file transfer session.
You should also factor in the operating needs of your business to find a hosting provider that can meet your needs, e.g., if your business requires 24/7 technical support to resolve issues in real-time or if you require automatic backups of your files.
Securing the Account and the Transaction
Enforce the need for customers to use a strong password for their online account. Where possible, businesses should implement a two-factor authentication (2FA) as part of the customer login process. This additional verification process helps to provide an extra layer of protection and reduce the chances of cyber criminals gaining access to the customer’s account.
Businesses should also install Secure Sockets Layer (SSL) certificates on their web server to secure and safeguard any data that is sent from the browser to the web server. This prevents a cyber criminal from accessing or modifying any information transferred, such as customer’s personal particulars or credit card details. HTTPS (Hyper Text Transfer Protocol Secure) appears in the website URL when the website is secured by an SSL certificate.
Payment gateways are useful for businesses that do not want to store private financial data on their websites for security purposes. As the payment process also contributes to the customer experience, businesses should look for trusted payment gateway services that can host your customers’ data securely on their platform and also offer a good spectrum of relationships with banks that are able to transfer funds from the customers’ accounts to you. The added benefit in using a payment gateway service is that the customer’s financial data is collected directly on the third-party site and not from your own site, removing the incentive for cyber criminals to target your site.
Strengthening the Back-End of your Online Business
Using and Maintaining Security Software and Applications
Install web application firewalls and security plugins to block unauthorised traffic and malicious requests from accessing your network or system. These reinforce the security protection for your website and safeguard against cyber threats like cross-site scripting, code injection or brute-force attacks. Make sure that all software or applications are patched and up to date. Businesses can also do this easily by enabling automatic updates.
Ensure that all default usernames, passwords and settings are changed immediately after setting up the website(s), routers, servers and any other devices that are connected. Use a strong password and avoid using the same passwords for the different devices. For administration of the website, implement 2FA for the login.
Implement reCAPTCHA on your website to block spam bots or automated software from interacting with your online site. This can help stop spammers from overloading your online site or server with millions of bot requests and prevent it from going down. For businesses that requires high website availability, you can also make use of website monitoring services that can give you timely notifications if your website is experiencing downtime or issues with core functions. This can help to draw early attention to issues for mitigation and containment.
Ensuring Availability and Privacy of Important Business Data
Businesses that regularly back up their important business data and keep it offline are less at risk of being seriously affected by ransomware attacks. Depending on your business needs, businesses need to maintain backup copy(ies) of your database and files regularly. It is important that the backup data is stored offline and not connected to your systems.
As an additional good practice, encrypt all sensitive data so that even if the data has been stolen, it is more difficult for cyber criminals to physically access the encrypted information.
Keeping Up with the Housekeeping
Regularly monitor and review administrator-level accounts and privileges for access and activities. Remember to remove any database, application or plugin files from your online business when they are no longer in use. Obsolete accounts should also be deleted. Regularly reviewing and performing such housekeeping activities can help in removing potential entry points for cyber criminals to breach your system and to detect abnormal activities quickly.
References:
https://enterprise.verizon.com/resources/reports/dbir/2019/retail/
https://heimdalsecurity.com/blog/cybersecurity-guide-for-small-businesses/
